Change settings.go to ignore user input for OOM killer if running under Cgroupv2

[m3ow-dev]

If host is running Cgroupv2, ignore user input and keep OOM killer enabled at all times.

related:

• #21520 crun not working with pterodactyl wings containers/crun#1416
• Issues when running Wings with Podman pterodactyl/panel#4928

Summary by CodeRabbit

Release Notes

• Bug Fixes
  • Improved Out-of-Memory (OOM) killer configuration to better detect and handle different container runtime environments, with enhanced support for cgroup v2 systems.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Modified OOM killer configuration logic in environment/settings.go to conditionally set OomKillDisable based on the OOMKiller flag and cgroup version detection, checking for the presence of /sys/fs/cgroup/cgroup.controllers to determine v2 cgroup availability.

Changes

Cohort / File(s)	Summary
OOM killer cgroup-aware configuration environment/settings.go	Removed static OomKillDisable initialization; added conditional logic that sets OomKillDisable when OOMKiller is disabled and cgroup v2 is not detected. Added os package import for filesystem check. Included explanatory comments.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Verify filesystem check logic for cgroup detection is correct
• Confirm the conditional logic properly handles edge cases (missing file, permission errors)
• Ensure added comments accurately describe the cgroup v1/v2 behavior

Poem

🐰 A cottontail squint at the kernel's dark art,
Where cgroups and killers keep systems apart,
V1 or V2, we now gently detect,
OOM's softer touch—a resource correct! 🌱

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: modifying settings.go to handle OOM killer behavior differently based on cgroup version (v2 vs v1), which aligns with the code changes that conditionally set OomKillDisable based on cgroup version detection.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 96a1251 and 9a58c23.

📒 Files selected for processing (1)

• environment/settings.go (2 hunks)

🔇 Additional comments (2)

environment/settings.go (2)

6-6: LGTM!

The os package import is necessary for the cgroup version detection logic.

---

112-112: LGTM!

The blank line improves readability by separating the variable declaration from the struct initialization.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Improve error handling to distinguish file-not-found from other errors.

The current implementation treats any error from os.Stat as an indication of cgroup v1, which could lead to incorrect behavior if the error is due to permission issues, I/O errors, or other filesystem problems rather than the file not existing.

Apply this diff to properly handle errors:

 // If the user wants to disable the OOM killer, we need to handle it differently
-// depending on the cgroup version.
+// depending on the cgroup version. On cgroup v2, disabling the OOM killer is not
+// supported (see containers/crun#1416, pterodactyl/panel#4928), so we ignore the
+// user setting and keep it enabled.
 if !l.OOMKiller {
-    if _, err := os.Stat("/sys/fs/cgroup/cgroup.controllers"); err == nil {
-    } else {
+    if _, err := os.Stat("/sys/fs/cgroup/cgroup.controllers"); os.IsNotExist(err) {
+        // cgroup v1: honor user preference to disable OOM killer
+        log.Debug("detected cgroup v1, disabling OOM killer as requested")
         resources.OomKillDisable = boolPtr(true)
+    } else if err != nil {
+        // Unexpected error (permissions, I/O, etc.) - log and default to safe behavior
+        log.WithError(err).Warn("failed to detect cgroup version, keeping OOM killer enabled")
+    } else {
+        // cgroup v2: ignore user preference and keep OOM killer enabled
+        log.Debug("detected cgroup v2, ignoring OOM killer disable request")
     }
 }

This approach:

• Uses os.IsNotExist to specifically check for file-not-found
• Adds logging for observability and debugging
• Handles unexpected errors safely by keeping OOM killer enabled
• Improves the comment to explain the rationale and reference related issues

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// If the user wants to disable the OOM killer, we need to handle it differently
	// depending on the cgroup version.
	if !l.OOMKiller {
	if _, err := os.Stat("/sys/fs/cgroup/cgroup.controllers"); err == nil {
	} else {
	resources.OomKillDisable = boolPtr(true)
	}
	}
	// If the user wants to disable the OOM killer, we need to handle it differently
	// depending on the cgroup version. On cgroup v2, disabling the OOM killer is not
	// supported (see containers/crun#1416, pterodactyl/panel#4928), so we ignore the
	// user setting and keep it enabled.
	if !l.OOMKiller {
	if _, err := os.Stat("/sys/fs/cgroup/cgroup.controllers"); os.IsNotExist(err) {
	// cgroup v1: honor user preference to disable OOM killer
	log.Debug("detected cgroup v1, disabling OOM killer as requested")
	resources.OomKillDisable = boolPtr(true)
	} else if err != nil {
	// Unexpected error (permissions, I/O, etc.) - log and default to safe behavior
	log.WithError(err).Warn("failed to detect cgroup version, keeping OOM killer enabled")
	} else {
	// cgroup v2: ignore user preference and keep OOM killer enabled
	log.Debug("detected cgroup v2, ignoring OOM killer disable request")
	}
	}

🤖 Prompt for AI Agents

In environment/settings.go around lines 121 to 128, the os.Stat error is
currently treated as "file missing" for cgroup detection which conflates
missing-file with other errors; update the logic to call os.Stat and then use
os.IsNotExist(err) to detect cgroup v1 explicitly, set resources.OomKillDisable
= boolPtr(true) only when the file does not exist, and in the else branch log
unexpected errors (permission/IO) and leave OOM killer enabled (do not set
OomKillDisable) so we fail safe; also expand the comment to explain the
rationale and reference related issues for future debugging.

[parkervcp]

I think this would be the best way check if the file doesn't exist instead of any error.

if err == os.ErrNotExist {
    // cgroup v1
}

[coderabbitai]

🧩 Analysis chain

🌐 Web query:

Go os.IsNotExist vs os.ErrNotExist direct comparison best practice

💡 Result:

Best practice (Go 1.13+): prefer errors.Is(err, fs.ErrNotExist).

• The os docs explicitly note that os.IsNotExist predates errors.Is and say: “New code should use errors.Is(err, fs.ErrNotExist).” [1]
• os.ErrNotExist is just an alias of fs.ErrNotExist (ErrNotExist = fs.ErrNotExist). [2]

Avoid direct comparison (err == os.ErrNotExist or err == fs.ErrNotExist) because filesystem calls typically return wrapped errors like *os.PathError (and may wrap syscall errors), so equality often won’t match even when the underlying condition is “does not exist”. Using errors.Is (or os.IsNotExist) handles that. [1][3]

import (
  "errors"
  "io/fs"
  "os"
)

_, err := os.Stat(path)
if err != nil {
  if errors.Is(err, fs.ErrNotExist) {
    // missing
  } else {
    // other error
  }
}

When is os.IsNotExist OK? For older codebases or when you want the legacy helper; it still works, but errors.Is(..., fs.ErrNotExist) is the modern, general approach. [1]

Sources: [1] https://golang.bg/pkg/os/ (IsNotExist docs) · [2] https://golang.bg/src/os/error.go (ErrNotExist alias) · [3] https://stackoverflow.com/questions/33398110/in-golang-os-openfile-doesnt-return-os-errnotexist-if-file-does-not-exist

---

@parkervcp, I appreciate the feedback! However, direct comparison with err == os.ErrNotExist unfortunately won't work reliably in this case. Here's why:

os.Stat() returns wrapped errors (typically *os.PathError), not the raw os.ErrNotExist, so direct equality comparison will always be false even when the file doesn't exist.

Modern best practice (Go 1.13+):

if errors.Is(err, fs.ErrNotExist) {
    // cgroup v1: file doesn't exist
    resources.OomKillDisable = boolPtr(true)
}

Also acceptable (legacy helper):

if os.IsNotExist(err) {
    // cgroup v1: file doesn't exist
    resources.OomKillDisable = boolPtr(true)
}

Both errors.Is() and os.IsNotExist() properly unwrap the error to check the underlying condition, while direct comparison does not. The Go documentation for os.IsNotExist explicitly recommends using errors.Is(err, fs.ErrNotExist) for new code.

Would you prefer errors.Is(err, fs.ErrNotExist) (modern approach) or os.IsNotExist(err) (simpler, still works)?

[parkervcp]

I think this would be the best way check if the file doesn't exist instead of any error.

if err == os.ErrNotExist {
    // cgroup v1
}